Database UpdateKaveh RanjbarDatabase Group Manager, RIPE NCC
RIPE NCC Database Group - 27 April 2011
Outline
• Short introduction to the Database Group• Status of APs and outstanding
deliverables• Projects completed between RIPE 61 and
62• RIPE Labs publication highlights• Q & A
2
RIPE NCC Database Group - 27 April 2011
RIPE Database Service
• Public Internet Resource Information for RIPE service region
• Internet Routing Registry• Repository for resource holder
information• Global Resource Information in RIPE RPSL• Tools on http://www.db.ripe.net• Prototypes on
http://labs.ripe.net/ripe-database3
RIPE NCC Database Group - 27 April 2011
The Database Group
4
KavehErik
Agoston
Denis
Benedetto
Bogdan
RIPE NCC Database Group - 27 April 2011
RIPE Database statistics
• Operational stats: http://www.ripe.net/info/stats/db/ripedb.html
5
Action PointsDenis WalkerDatabase Business Analyst, RIPE NCC
RIPE NCC Database Group - 27 April 2011
Action Points & Projects
• AP57.2 Cleanup forward domain data• AP59.1: Reverse Delegation Safeguards• AP61.1: “pingable:” attribute• AP61.2: To investigate the next appropriate
level of password hash • The RIPE community approved RIPE Policy
Proposal 2010-06 • Policy 2007-01• Dash ‘-’ notation in reverse DOMAIN
7
RIPE NCC Database Group - 27 April 2011
AP57.2: Cleanup forward domain data
• Started with DOMAIN objects in the RIPE Database for 43 ccTLDs
• 3 are still actively using the RIPE Database–All 4 working on alternative solutions
• 40 deleted – TLD object with all sub domains
• Users cannot create new TLD objects• Syntax will be changed when last 3
deleted 8
RIPE NCC Database Group - 27 April 2011
AP59.1: Reverse Delegation Safeguards
The week commencing 13 December 2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data.
It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.
9
RIPE NCC Database Group - 27 April 2011
AP59.1: Reverse Delegation Safeguards (cont’d)
Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS.
10
RIPE NCC Database Group - 27 April 2011
AP61.1: “pingable:” attribute
• On the 21st of February the RIPE NCC implemented the "pingable:" and "ping-hdl:" attributes according to the specification in RFC 5943.
• They can now be used in ROUTE and ROUTE6 objects in the RIPE Database.
• RFC 5943 describes the syntax and explains how to use them: http://tools.ietf.org/html/rfc5943
11
RIPE NCC Database Group - 27 April 2011
AP61.1: “pingable:” attribute (cont’d)
• The "pingable:" addresses are already active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS).
• For an example of how these are announced, see the ROUTE object for 84.205.81.0/24.
• For more information about RIS beacons and anchors, please see: http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons
12
RIPE NCC Database Group - 27 April 2011
AP61.2: Appropriate level of password hash
• This action point was for the RIPE NCC to investigate using SHA2 for passwords.
• Proposal sent to mailing list• Discussion can follow this update.
13
RIPE NCC Database Group - 27 April 2011
Policy 2010-06
• The RIPE community approved RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments".
• The proposal is available at:
http://www.ripe.net/ripe/policies/proposals/2010-
06
14
RIPE NCC Database Group - 27 April 2011
Policy 2010-06 (cont’d)
• On the 15th of February the RIPE NCC deployed a version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary.
• Details of how to use the new aggregation feature of the RIPE Database can be found at: http://www.ripe.net/data-tools/support/documentation/
documenting-ipv6-assignments-in-the-ripe-database
• Currently 53340 INET6NUM objects in RIPE Database
• 75 have status AGGREGATED-BY-LIR
15
RIPE NCC Database Group - 27 April 2011
Policy 2007-01
• 2007-01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region
• As part of the 2007-01 policy implementation the RIPE NCC has to:– Add RIPE-NCC-END-MNT to all AUT-NUM objects
– Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-END-MNT on PI assignment objects or add where necessary
16
RIPE NCC Database Group - 27 April 2011
Dash notation in reverse DOMAIN
• Proposal sent to mailing list• Drop current dash ‘-’ syntax and
expansion from third octet (1-100.2.10.in-addr.arpa)
• Causes problems with DNSSEC• Allow dash in fourth octet for classless
delegations (6-25.1.2.10.in-addr.arpa)• Stored in RIPE Database with dash• Expansion done by DNS provisioning
17
GeolocatingKaveh RanjbarDatabase Group Manager, RIPE NCC
RIPE NCC Database Group - 27 April 2011
The Problem
• No mechanism to link IP addresses to a location
• No internationalisation information
• Establishing this is difficult and error prone:– Finding out a postal address is hard
– Translating the address to a geolocation is hard
– Knowing the language at that location is not always clear
• User services based on location and internationalisation may be mismatched
– Access to certain services could be blocked
– Content could be delivered in the wrong language19
RIPE NCC Database Group - 27 April 2011
The Solution
• Location and internationalisation details can be optionally linked to IP addresses– Resolution determined by LIR
• The holder of an IP address block is:– The authority on where the block is used
– Knows the preferred language
– Maintainer of the IP address data
• The RIPE NCC can provide the mechanism through the RIPE Database
to establish this link20
RIPE NCC Database Group - 27 April 2011
Everybody Benefits
• End Users– Providers can serve content in the desired language
– and related to the user’s location
• LIRs– More control over location based services supplied
– Less End User complaints
• Content Providers– Easier to address their target audience
• RIPE Database– Holds more accurate location data
21
RIPE NCC Database Group - 27 April 2011
The Way Forward
• Interest expressed from Google, MaxMind, IP2Location– If location data is added to your RIPE Database objects, it can be automatically included in their data sets
– higher priority input, authoritative source
• RIPE NCC will develop simple prototype on RIPE Labs
22
Development & Innovation highlightsBogdan DumitrescuSoftware Engineer
RIPE NCC Database Group - 27 April 2011
Prototypes and new services on RIPE Labs
• GRS Sources and the RIPE Database API- RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS
- No personal data, no query limits, data may include non RPSL attributes
• RIPE Database REST API: Query + CRUD- New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath,
etc.)
- Reusable building blocks for other services and tools
- http://labs.ripe.net/Members/bfiorell/api-documentation
• Search forms and tools – ready for production- Search, Lookup, Free-text Search, Abuse Finder
• Work in progress- Update Forms, Crypt Utils, Change Maintainer Authorisation
- REST CRUD API, new services for power users 24
DemoBogdan DumitrescuSoftware Engineer
Questions?